package cloud.study.adminserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * admin 安全登录页面配置
 */
@Configuration
public class SecuritryConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 这些在jar包中的静态文件不需要认证
        http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
        http.authorizeRequests().antMatchers("login.html","/**/**.css","/img/**","/third-party/**").permitAll();
        http.logout().logoutUrl("/logout");
        http.csrf().disable();
        http.authorizeRequests().antMatchers("/**").authenticated();
        http.httpBasic();
    }
}
